LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Address 'Mining' from the Web Archive Interface?

Roger Fajman <[log in to unmask]>

Mon, 24 Nov 1997 21:57:11 EST

text/plain (59 lines)

> >But having private notebooks doesn't stop someone from going to a list's
> >web archive interface page, does it?  Is it currently possible to restrict
> >access to a list's WAI page to only that list's subscribers?  If so, how?
>
> It is my understanding (and experience) in 1.8c that setting the notebook
> to private means that you do not have a web archive available, and that
> sites running the beta of 1.8d have private notebooks and password
> protected Web archives.
>
> Karen Strauss

Our experience with 1.8d beta (slightly dated now) is that the archives
of lists with Notebook=...,Public have their archives available to
anyone through the web interface, as they do in 1.8c.  Lists with
Notebook=...,Service and Service=Local and lists with
Notebook=...,Private are available through the web interface in 1.8d
(this is new).  In both cases a personal password is required.  The
personal password is obtainable through the web interface, subject to
the normal confirmation process via email.  In the former case, the
personal password is used just to verify that your email address is in
the list's service area.  In the latter case, it is used to verify that
you are a subscriber to the list.  (Note that lists with
Confidential=Yes are never available through the web interface).  I see
a few problems with this implementation using personal passwords:

(1) The names of lists with Service=Local are now revealed to the world
through the web interface, possibly opening them up to attack by
spammers, etc..  This could be fixed with the mechanism described in
item 2.

(2) It requires many more people than before to get personal passwords.
Naive users may well find that process confusing.  I would like to have
a simpler way for people to access lists with Notebook=...,Service.
What I would like to have is a mechanism configured by the LISTSERV
maintainer that would allow certain ranges of IP addresses to be mapped
to particular service areas.  Users with the right IP address would not
need a personal password.  Others could still get a personal password
to get archives access.  Later on such a mechanisn could be extended to
support things such as public key certificates to identify users.  It's
really not as complicated as it sounds, especially given some things
that have already been done in 1.8d with respect to generating the HTML
from templates.

(3) It's not at all unusual for people to have multiple equivalent
email addresses.  For example, my primary email address is
[log in to unmask] But [log in to unmask], [log in to unmask], and several
other similar forms are equivalent.  LISTSERV allow you to get a
personal password only for the address that's in your From header.  If
a list owner adds you to a list using an alternate form of your
address, there's no way for you to get at the list's private archives
through the web interface, since you can't get a personal password for
the right address.  Worse, the user may not even realize what the right
address is, even if they could get a personal password for it.

Roger Fajman                                   Telephone:  +1 301 402 4265
National Institutes of Health                  Internet:   [log in to unmask]
Bethesda, Maryland, USA
Postmaster: CU.NIH.GOV, LIST.NIH.GOV, MAILFWD.NIH.GOV, PACKET.NET.NIH.GOV

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM